Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/ccf3a5-030d-4b54-8079-8a5f169a5ae7/1/4KtF4XIHaqzKGcSYx_oDSJeXf_k.roa
File:                     4KtF4XIHaqzKGcSYx_oDSJeXf_k.roa (raw, json)
Hash identifier:          U3nxwca9TOVj/dq41laA7Eciyp+GLfVUZCLSOwrkwxk=
Subject key identifier:   E0:AB:45:E1:72:07:6A:AC:CA:19:C4:98:C7:FA:03:48:97:97:7F:F9
Certificate issuer:       /CN=4f3573cd7d561cd37e0f331f6ca38de9202042b2
Certificate serial:       018CC56EFB5D866CCD6172F65F790BC203BD
Authority key identifier: 4F:35:73:CD:7D:56:1C:D3:7E:0F:33:1F:6C:A3:8D:E9:20:20:42:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzVzzX1WHNN-DzMfbKON6SAgQrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/ccf3a5-030d-4b54-8079-8a5f169a5ae7/1/4KtF4XIHaqzKGcSYx_oDSJeXf_k.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2860
IP address blocks:        195.246.238.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/ccf3a5-030d-4b54-8079-8a5f169a5ae7/1/TzVzzX1WHNN-DzMfbKON6SAgQrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/ccf3a5-030d-4b54-8079-8a5f169a5ae7/1/TzVzzX1WHNN-DzMfbKON6SAgQrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TzVzzX1WHNN-DzMfbKON6SAgQrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fb:5d:86:6c:cd:61:72:f6:5f:79:0b:c2:03:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f3573cd7d561cd37e0f331f6ca38de9202042b2
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0ab45e172076aacca19c498c7fa034897977ff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:43:94:1f:17:96:72:12:bb:b3:68:97:37:db:
                    f8:8e:c2:15:50:77:ad:ce:5d:8d:06:4f:04:7f:71:
                    b2:54:35:e0:50:77:0a:fe:a3:ad:2d:68:22:b5:30:
                    fa:f9:73:6a:ed:e1:57:e3:63:a7:88:ef:6a:58:96:
                    1e:15:4a:3c:2d:00:27:f3:ac:0e:f4:3f:40:2e:ad:
                    24:39:f5:43:7b:21:81:1c:29:b5:c8:f0:ee:9a:49:
                    9b:8c:8c:b0:ba:d5:8b:ad:08:76:c2:6f:6b:5d:d1:
                    f4:9b:9c:bc:fb:74:34:ff:6d:4e:3f:06:7d:9c:97:
                    c8:f1:9f:66:79:cf:95:bd:20:6d:2b:10:00:6c:f9:
                    ff:2d:1d:df:16:c7:31:00:26:a7:b9:18:da:2e:d6:
                    58:df:c2:d5:40:29:dc:77:43:c5:b3:7b:81:31:3c:
                    e5:88:0b:5d:92:c9:c1:24:07:74:c2:93:f7:c4:11:
                    e3:93:7b:6f:d9:62:71:1e:a5:53:d7:ba:b0:08:b4:
                    16:7d:28:aa:d2:9b:9a:91:12:fc:f9:9b:cb:15:da:
                    04:7b:05:b7:dc:8e:36:82:7a:fc:d3:7a:32:26:aa:
                    a7:2d:e2:a5:52:84:86:af:ec:bb:9d:97:f5:c5:39:
                    d0:e2:0e:8a:23:90:80:3d:06:e7:2e:4d:a9:1b:a5:
                    16:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:AB:45:E1:72:07:6A:AC:CA:19:C4:98:C7:FA:03:48:97:97:7F:F9
            X509v3 Authority Key Identifier:
                keyid:4F:35:73:CD:7D:56:1C:D3:7E:0F:33:1F:6C:A3:8D:E9:20:20:42:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzVzzX1WHNN-DzMfbKON6SAgQrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ccf3a5-030d-4b54-8079-8a5f169a5ae7/1/4KtF4XIHaqzKGcSYx_oDSJeXf_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ccf3a5-030d-4b54-8079-8a5f169a5ae7/1/TzVzzX1WHNN-DzMfbKON6SAgQrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:af:d1:1a:83:97:4c:95:9c:e0:e2:9b:9b:c9:84:3d:a8:af:
         f9:22:c7:ff:da:c6:eb:b4:72:f3:ce:d2:d1:6f:4b:d0:e2:1c:
         d0:14:bd:db:fe:bd:7f:65:66:7f:a7:67:be:dc:8f:37:8a:3c:
         69:9f:d1:7c:a4:7c:97:b3:88:48:af:bf:61:32:8c:c5:1c:ba:
         5d:d9:5d:c2:91:7a:ba:17:99:ce:0a:82:84:86:87:78:1c:5a:
         96:cf:1e:f2:7c:50:da:5a:a9:a2:44:65:e5:38:ba:53:50:eb:
         4d:40:8c:8c:ca:cb:d4:a3:d4:80:f3:c8:3d:bb:02:e2:4b:aa:
         c9:42:90:1b:96:f1:e6:61:a8:ff:85:8c:73:d2:a3:04:70:cc:
         de:61:51:3e:f9:e6:15:36:7f:47:03:67:75:57:59:1b:a0:9c:
         e3:10:b1:84:4b:a9:cd:0a:49:8d:59:59:90:2c:4c:dc:22:28:
         de:a1:db:b6:66:a9:c9:dd:27:6a:9e:46:3e:3b:fe:3e:29:7c:
         07:e5:7d:c9:36:38:90:8a:17:7b:e2:ed:64:33:05:13:ae:c6:
         28:ed:89:e2:5e:d4:5b:62:a0:1a:4d:c7:10:5a:0b:08:08:23:
         3e:21:c2:ec:6e:aa:53:dc:f9:e3:25:00:12:4a:ab:27:c3:8a:
         70:87:59:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvtdhmzNYXL2X3kLwgO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMzU3M2NkN2Q1NjFjZDM3ZTBmMzMxZjZjYTM4ZGU5MjAy
MDQyYjIwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGFiNDVlMTcyMDc2YWFjY2ExOWM0OThjN2ZhMDM0ODk3OTc3ZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykOUHxeWchK7s2iXN9v4jsIVUHet
zl2NBk8Ef3GyVDXgUHcK/qOtLWgitTD6+XNq7eFX42OniO9qWJYeFUo8LQAn86wO
9D9ALq0kOfVDeyGBHCm1yPDumkmbjIywutWLrQh2wm9rXdH0m5y8+3Q0/21OPwZ9
nJfI8Z9mec+VvSBtKxAAbPn/LR3fFscxACanuRjaLtZY38LVQCncd0PFs3uBMTzl
iAtdksnBJAd0wpP3xBHjk3tv2WJxHqVT17qwCLQWfSiq0puakRL8+ZvLFdoEewW3
3I42gnr803oyJqqnLeKlUoSGr+y7nZf1xTnQ4g6KI5CAPQbnLk2pG6UWUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCrReFyB2qsyhnEmMf6A0iXl3/5MB8GA1UdIwQY
MBaAFE81c819VhzTfg8zH2yjjekgIEKyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHpWenpYMVdITk4tRHpNZmJLT042U0FnUXJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9jY2YzYTUtMDMwZC00YjU0LTgwNzkt
OGE1ZjE2OWE1YWU3LzEvNEt0RjRYSUhhcXpLR2NTWXhfb0RTSmVYZl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9jY2YzYTUtMDMwZC00YjU0LTgwNzktOGE1ZjE2OWE1YWU3
LzEvVHpWenpYMVdITk4tRHpNZmJLT042U0FnUXJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/buMA0G
CSqGSIb3DQEBCwUAA4IBAQBBr9Eag5dMlZzg4pubyYQ9qK/5Isf/2sbrtHLzztLR
b0vQ4hzQFL3b/r1/ZWZ/p2e+3I83ijxpn9F8pHyXs4hIr79hMozFHLpd2V3CkXq6
F5nOCoKEhod4HFqWzx7yfFDaWqmiRGXlOLpTUOtNQIyMysvUo9SA88g9uwLiS6rJ
QpAblvHmYaj/hYxz0qMEcMzeYVE++eYVNn9HA2d1V1kboJzjELGES6nNCkmNWVmQ
LEzcIijeodu2ZqnJ3SdqnkY+O/4+KXwH5X3JNjiQihd74u1kMwUTrsYo7YniXtRb
YqAaTccQWgsICCM+IcLsbqpT3PnjJQASSqsnw4pwh1mC
-----END CERTIFICATE-----